Diffstat (limited to 'etc/systemd/system/monerod@.service')
-rw-r--r--etc/systemd/system/monerod@.service35
1 files changed, 33 insertions, 2 deletions
diff --git a/etc/systemd/system/monerod@.service b/etc/systemd/system/monerod@.service
index 0dfd9e70..f1d91961 100644
--- a/etc/systemd/system/monerod@.service
+++ b/etc/systemd/system/monerod@.service
@@ -1,6 +1,31 @@
[Unit]
Description=Monero Full Node for user %I
After=network.target
+# `man systemd.unit`
+# Notes about my tests with BindsTo= and other options see this url:
+# https://git.flylightning.xyz/public_archive_codes/tree/configs/configs_root_dir/etc/systemd/system/monerod_after_bindsto_mullvad.service
+# I want monerod tunnel all traffic through wireguard, otherwise China ISP will
+# think I mine crypto and will be unhappy. This is one of the measures I take,
+# which is to only run monerod when wg_ba network interface is up. **Note it
+# seems there will still have some traffic being leaked when wg_ba is down**,
+# maybe due to moenrod does not being killed immediately. Maybe use use
+# KillSignal=SIGKILL can kill it faster, see `man systemd.kill`, but I don't
+# want it to be killed with SIGKILL even when proper poweroff computer so maybe
+# don't use it. It can be tested with sth. like `sudo tcpdump -i wlp2s0 port
+# 18080`. wg_ba is tunnelling all computer traffic through ba. I bind it to
+# wg_ba because trying to make monerod tunnel traffic to wireguard when
+# wg_master is up is hard. wg_master does not tunnel all computer traffic.
+# monerod --p2p-bind-ip does not work as expected when under wg_master, see vq
+# bug notes. ba VPS nftables.conf also need `oifname $wg_iface masquerade` for
+# monerod to tunnel some traffic through ba wireguard when insp is under
+# wg_master, but this has issue of insp can't access ib qbt and jackett because
+# I guess this maybe somehow also masquerade my website accessing ib qbt and
+# jackett with other ip which ib nft refuse to let the ip to see its local
+# ports. One way I could think to make monerod tunnel all traffic through
+# wireguard is to use virutal network interface and namespaces but that is very
+# complicated.
+After=sys-subsystem-net-devices-wg_ba.device
+BindsTo=sys-subsystem-net-devices-wg_ba.device
[Service]
User=%i
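Review bot: The added `After=`/`BindsTo=sys-subsystem-net-devices-wg_ba.device` lines only couple monerod's lifecycle to the existence of the wg_ba device; they do not constrain which interface its sockets use. The leak described in the comment is therefore expected: packets follow the routing table until the stop job finishes, and the device unit can presumably be active before the tunnel's routes are installed. If the goal is that monerod never sends outside wg_ba, enforce it at the network layer rather than by stop timing, for example with `RestrictNetworkInterfaces=wg_ba lo` in `[Service]` (systemd 250 or later with cgroup v2, see `man systemd.resource-control`), or with an nftables output rule that drops the service user's packets when `oifname` is not wg_ba. Either makes the unit fail closed, and the `tcpdump` check from the comment can confirm it. The `[Service]` section continues outside this hunk.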
@@ -9,8 +34,14 @@ Type=simple
ExecStart=/usr/bin/monerod --non-interactive
StandardOutput=null
StandardError=null
-
-Restart=always
+# `man systemd.service`
+# I would like to kill monerod with my vpn script as one of the measures to
+# bind it to wg_ba wireguard network interface, so no restart. If restart,
+# after me kill monerod, it will be restarted which is not what I want. I don't
+# wish to always make it run, run only for some time after me start the
+# computer is ok for me, just need to sync and share the monero node a little
+# bit, I'm fine if later on moenrod got killed for whatever reason.
+Restart=no
[Install]
WantedBy=multi-user.target
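Review bot: The comment on `Restart=no` should say how the VPN script stops monerod, because that decides whether this change is needed. systemd does not apply `Restart=` when the process ends through a systemd operation (`systemctl stop`, or the stop triggered by `BindsTo=` when wg_ba disappears), so `Restart=always` would only bring monerod back if the script signals the process directly. If it does, I would add a line such as `# vpn script kills the process directly, so Restart= must stay off`; if the script can call `systemctl stop` instead, the restart policy no longer affects the leak. With `StandardOutput=null` and `StandardError=null` kept as context and no restart, an unexpected exit leaves only systemd's own unit messages to explain why the node stopped.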